aboutsummaryrefslogtreecommitdiffstats
path: root/include/section_init.inc.php
diff options
context:
space:
mode:
authorplegall <plg@piwigo.org>2010-09-13 20:52:20 +0000
committerplegall <plg@piwigo.org>2010-09-13 20:52:20 +0000
commit4fa3f949d9c838d7f759f667b075647b91ace300 (patch)
tree18cf086d58c419bec51794356e5cc6388407fb11 /include/section_init.inc.php
parent2c6ac64a9db92cfa098b4e436407a248cccbed60 (diff)
bug 1849 fixed: protect $_GET keys against SQL injections before parsing URL.
git-svn-id: http://piwigo.org/svn/branches/2.1@6905 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include/section_init.inc.php')
-rw-r--r--include/section_init.inc.php4
1 files changed, 4 insertions, 0 deletions
diff --git a/include/section_init.inc.php b/include/section_init.inc.php
index 35d93ba5c..74900af86 100644
--- a/include/section_init.inc.php
+++ b/include/section_init.inc.php
@@ -61,6 +61,10 @@ else
$rewritten = $key;
break;
}
+
+ // the $_GET keys are not protected in include/common.inc.php, only the values
+ $rewritten = pwg_db_real_escape_string($rewritten);
+
$page['root_path'] = PHPWG_ROOT_PATH;
}